back to article Euro commissioner tells Facebook it has nowhere to hide

European Commissioner Viviane Reding was in the UK on Monday to warn banks that they will be required to immediately notify customers about data security breaches. The Register visited the Brussels justice minister and vice president at the Commission's London office yesterday lunchtime to learn more about her seemingly personal …

COMMENTS

This topic is closed for new posts.
Silver badge
Coffee/keyboard

targeted advertising "an interesting business model"?

Wow, that's the most inventive way I've yet seen to say "big, fat pain in the ass".

3
0
Thumb Up

Thank you again Ms Reding

Please continue your one (wo)man crusade to put corporates and criminals disguised as politicians back in their box. Thank you so much for sticking it to the thieving mobile operators, please do take the bat and beat Phorm and BT out of existence.

Whilst you are at it perhaps you could stop DVLA selling all our data to car thieves and stalkers and prevent Experian selling lies about us without our permission. If I apply for credit I will give the company I am dealing with explicit permission to seek credit record data about me otherwise it is my data and nobody has any cause to look at it. Of course this is a double win because if my credit record is not available the eastern european crime gang trying to open bank accounts in my name can't so we close much of the identity fraud problem at the same time. It's a win for everybody except the criminals doing identity fraud and the marketing vermin.

19
0
Joke

@ The Cube

Or you and just have a really crappy credit score and no will try to steal your credit! :-P

0
0
FAIL

Grieves me

That we have to rely on an unelected Eruocrat to promote our interests, rather than our own elected representatives.

12
0
Bronze badge

@Pete B

Just for the record, that is exactly what the UK House of Lords is supposed to be there for. Shame that all of the 'modernisation' recently has made it into nothing but a shadow of the commons...

2
0
Silver badge

A real crack down

Against internet companies that steal or lose data.

Except American ones of course, and any Japanese companies with deep pockets, and Chinese or Russian owned ones because there isn't much point. And any that are too small to be worth bothering with.

And it wont apply to any government bodies that lose or sell data because that is upto the individual country.

But the rest had better watch out !

5
0

Not true

eg: Facebook.de takes you to the German facebook. That means they need to comply with EU rules.

0
0
Gold badge

Re: Not true

facebook.de takes me to http://de-de.facebook.com/.

I don't know where that's hosted, but I can't think of any reason to presume that it is within the EU. Even if it is, it doesn't affect the general principle that web sites don't have to be hosted in the country implied by their domain name.

0
0
Joke

But I was sure that.......

"our World Wide Web [which was invented by Sir Tim Berners Lee at Cern in Geneva]"

.....Al Gore invented the internet.......

1
3
Anonymous Coward

Am I correct in thinking that, to her, this is a positive statement?

"So depending on the different mentality the law was applied in a different way… in future there will be one rule to apply to the whole territory of the European law,"

"depending on the different mentality the law was applied in a different way" Good, that seems very sensible.

"in future there will be one rule to apply to the whole territory of the European law" Wtf?

1
6
Silver badge

Damn Viv

You should run for something. We might then have a world leader that does things!

1
1
Stop

make all companies responsible for protecting your data equally

"European Commissioner Viviane Reding was in the UK on Monday to warn banks that they will be required to immediately notify customers about data security breaches."

How about making all companies/governments/organizations and not just banks legally responsible for when they lose your data to a security breach? In addition they would have to assume all financial liabilities to repair the said damages that came as the result of that breach. If they try to hide the damage or the extent of it, then the people sitting in charge should be held criminally negligent and fines should be tripled and jail time applied.

My guess is with a real threat of jail time plus major fines companies, governments, and organizations would start taking security a heck of a lot more seriously. I also bet that a lot less data would be gathered and stored.

3
0
Silver badge

"I always meet people who are astonished that Christmas is on the 25th of December"

Education isn't what it used to be, I guess. Or maybe you need to call it Noël or Joulu...

Seriously, though. There is the enevitable aspect that the data slurp affected people who never bothered to apply any form of encryption to their WiFi. The French probably didn't care as it is *your* *responsibility* to secure your WiFi (part of Hadopi) so if you don't, "tant pis". The Germans, on the other hand, have a noticably different attitude. Will one law for all the land actually stand a chance of working with such different approaches by neighbouring member states?

Maybe the money involved would be better spent making "This is what they do with your data" TV adverts? Get the people to see and understand what is going on in the background, and let the populace decide. If enough people bail, they might start to rethink their attitudes.

However, I feel that many wouldn't care. We "benefit", from instant social networking, from points/reductions on store loyalty cars, from easy cashless payments, from dirt-cheap internet access. The slime dripping down behind the scenes is of less relevance. But is this because nobody cares if a shop is able to profile you from your purchase history, and pass this info on to third parties... or is it because nobody really understands how easy it is to reliably profile and identify a specific individual with sufficient data. Like that little Facebook "Like" button. I have another window open with a "Like" button. The graphic comes from facebook.com, however Facebook cookies are session-wiped and the site is not permitted in NoScript, so the best they'll manage is "somebody from this IP address looked at this and this page". Now if you have a computer that lets more stuff in, or even a Facebook account that you stay signed into, it can track you all over the place. Remember, every time you see that damned Like button, you've just told Facebook you're there.

Indeed. Time for some TV adverts to point out this sort of thing.

0
0
Big Brother

It's the lizard men from Rigel 7, that are in charge!

Sadly the paranoid, X-Files watcher in me says it's not that they don't care, it's that once these places have harvested all this useful info, the world's Govs come along, regulate them to death and demand they hand over copies of the collected data.

( "Paranoid? I KNOW they're out to get me!" )

0
0
Paris Hilton

reciprocal?

So, will United States law now apply to European servers too?

Just asking?

Paris, because I haven't a clue either.

1
0
Gold badge

Nowhere to hide?

"The law is for everyone who does business on the territory of Europe, whatever the origin of the business might be. So you cannot hide anymore by saying ‘I do not have my headquarters in Europe’."

Does Facebook do business in the EU? That is, does it have a subsidiary through which it sells its products, or does it conduct all its business through its (US-based) website.

Companies that operate exclusively through the internet have no need to duplicate their points of presence in every country, as long as uncensored web access is available. Perhaps the commissioner hasn't caught up with this new reality. Or perhaps she wants to follow the Chinese model.

1
0

Yes, it even has offices in Ireland

At least at the moment...

0
0
FAIL

Engage brain before posting

Does Facebook do business in the EU? That is, does it have a subsidiary through which it sells its products, or does it conduct all its business through its (US-based) website.

What has having a subsidiary based in the EU got to do with doing business in the EU?

Regardless of where their corporate presence is, they provide a service (ie do business) in the EU via the internet. As the commissioner rightly points out, hiding your servers or your headquarters elsewhere is not an excuse to avoid EU laws.

Perhaps it is you that has not caught up with this new reality?

0
0

Yup

----

Regardless of where their corporate presence is, they provide a service (ie do business) in the EU via the internet. As the commissioner rightly points out, hiding your servers or your headquarters elsewhere is not an excuse to avoid EU laws.

----

Yup - especially since that's already the case the other way around; for instance allowing residents of some US states access to your online gambling outfit (with servers based outside the US) can land you in serious hot water over there... though with our somewhat one-sided extradition treaty you could (theoretically) be shipped off to be screwed over despite having done nothing illegal outside Arkansas.

0
0
Gold badge

Re: Engage brain

I did. You didn't.

EU citizens are able to use the internet to communicate with foreign companies and can use various financial services to pay those companies money. This means that EU citizens can conduct business with those companies without those companies having any presence in the EU whatsoever, either legal or physical. (It's no different from buying stuff when you are on holiday. You are subject to the laws of the country where you bought it.)

If a company has no legal presence in the EU then you can sue them all you like but courts will be unable to extract fines or sentence directors simply because EU law doesn't apply in other parts of the world. Nor should it.

Still confused? Consider a North Korean buying something off your website? Are you now subject to North Korean law? Of course not, and if the Kims decided that you were and prosecuted you then you'd just laugh at them.

1
0
Facepalm

Re: Re: Engage brain

... (It's no different from buying stuff when you are on holiday. You are subject to the laws of the country where you bought it.)...

And when you try to import them you're very much subject to the laws of the country you're bringing it into, even those in which you're re just switching planes and won't be leaving the airport, so the stuff may well get confiscated. Also, notice one small thing. When you buy something on a holiday, the transaction is "coincidentally" subject to the laws of the country where you physically are at the moment you're making the transaction.

The matter is complex. A country can't fine a manufacturer that has a product that's clearly labeled to be up to specs that don't conform to the local standards, but it can ban importation of such a product. It makes sense to apply the same principle to importation of services.

Room for abuse? As with anything else. Yet which one would you rather have, a service that is obliged to work and take care of your data according to the laws and standards of your own country, or the one which makes your data subject to the laws and whims of some god forsaken place where they might have physical boxes because it has cheap electricity and "relaxed" standards on how user data is to be treated?

0
0
Gold badge

@E_Nigma

"And when you try to import them you're very much subject to the laws of the country you're bringing it into, even those in which you're re just switching planes and won't be leaving the airport, so the stuff may well get confiscated."

With a physical object, that's true even today if the purchase was made over the internet, since we've had mail order companies since forever. But if the Dear Commissioner would have that apply to Facebook, then she is presumably applying it to a service that is performed abroad (giving you a presence on a foreign web site) and in connection with which no physical object is ever imported. You don't bring services back. The analogy doesn't work.

And if you *really* want to carry your airport analogy further, that would imply that the service is subject to the laws of every country that packets hop through. Quite apart from being impractical to determine, if the packets are carried via multiple routes then who is to say which countries the *service* is carried through?

The only *practical* solution is the one that says business transactions take place in the country that hosts the server and any physical deliverables are subsequently imported *by the purchaser*. The commissioner's approach would mean that websites would have to determine the legal jurisdiction of their customers before they know if it is safe to do sell to them. Last I heard, IP-address geolocation wasn't something I'd want to rely on in a court of law.

0
0
Anonymous Coward

sums up politicians

"[and told them] that Christmas is on the 25th"

Except of course when it's on the 7th of January if you follow certain forms of Christianity.

The privacy law only helps one group of people, bureaucrats, it keeps them in business and will do very little for anyone else. If someone doesn't know how to set their browser to delete cookies at shut down then they wont care/understand about cookies and will just accept because it's easy.

As for me, I don't care about cookies.

0
1
Big Brother

Oh you gotta love governments

Haha. Hillarious, old biddy yelling about "getting them and their little dog too". It won't change anything: big, wealthy business will STILL be just the same. Little, one-man bands that have no money for fancy lawyers: watch out. This old biddy is coming for you!

1
1
Anonymous Coward

International policing of the internet is just a matter of time.

Just as the lawless wild west ended so to will the internet equivalent.

It is in the interest of all nations and society that the internet function and that the rule of law prevail. The mechanism of enforcement is simple. Block the traffic of those who seek to hide behind international borders. This obviously has many practical difficulties but can be done, especially to large companies with a well known addresses.

If, for example Facebook tried to avoid submitting to a German privacy Law and the German courts had the power to force all ISPs in Germany to block all Facebook traffic then thats a pretty big enforcement tool. Facebook would have a pretty stark choice. Submit or for Germany accept that the only users you have will be those who can be bothered to use a VPN to access your site. It would be amusing to watch lawyers try to argue against such sanctions in a jurisdiction where they claim they are not subject to the local courts in the first place. Of course Facebook would go crying to Uncle Sam for help against the big bad Europeans.

Ultimately a set of International laws will be developed and adopted so that the scenario I've outlined above can be avoided. It won't be easy but it is necessary. The current situation is not sustainable.

1
0
Gold badge

Re: The method of enforcement is simple.

"Block the traffic of those who seek to hide behind international borders. This obviously has many practical difficulties but can be done, especially to large companies with a well known addresses."

Umm, no. The *specification* of enforcement is simple, as you describe. However, the *method* is considerably harder, for several reasons. For one, the "well-known addresses" you speak of would have to be blocked at every border router in the legal jurisdiction trying to block. For another, they don't include the addresses of people mirroring or providing tunnels to the restricted content, and whilst *that* may be illegal in your country is certainly won't be in your neighbours, so you'd have to add "every foreign mirror and proxy" to that list of addresses you are blocking on every route in. For a third thing, the address you are trying to block might be a dynamically allocated one, so you'd have to snoop DNS servers to keep your huge list up to date.

So it *can* be done, but it is rather expensive. The Chinese seem to spend quite a lot of effort on it and after all that effort they still rely on "disincentives" for people who uncover errors and omissions in the block list.

Of course, if the IP address space were more cleanly aligned with legal jurisdiction, it would at least be possible for people to *know* whether the site they are doing business with is in the same jurisdiction, and therefore sue-able in the event of disappointment. However, that's solving a slightly different problem. Specifically, that's "giving users the tools to protect themselves from stuff they don't want" rather than "giving government the tools to protect people from stuff they do want". In a free society, the latter is impossible whereas the former is relatively simple once you've figured out that this is what you should be trying to do.

But you are right. The present situation is legally intolerable, so ultimately they will figure all this out and we will get an internet that is as safe as the street where you live. (Hmm...)

0
0
Anonymous Coward

Missed the point somewhat.

"Block the traffic of those who seek to hide behind international borders. This obviously has many practical difficulties but can be done, especially to large companies with a well known addresses."

You did rather miss the point of the "large companies with well known addresses" part of the statement. Of course lots of traffic can't be blocked but if you're Facebook then even a partially effective block is a big problem. The existence of the block generates all sorts of publicity and perhaps closer scrutiny of what you are up to at home. I also don't see Facebook permitting mirroring of their website by enthusiastic supporters even it it were possible.

My point always was that the internet need rules to protect its users just as international waters have international laws to protect the users.

0
0
Anonymous Coward

Help make the world a better place

Stay the hell away from facebook. it is poison and has proven it many times

2
0
Meh

Oh but it's cheap and convenient,

and slips down very nicely. A small sip here and there is quite pleasant, it's only the aftertaste that's a bit funny. What could possibly be wrong with that?

0
0
This topic is closed for new posts.

Forums